
Bug 386335 (CVE-2009-5044)

Summary: sys-apps/groff-1.22.2 : multiple vulnerabilities (CVE-2009-{5044,5078,5079,5080,5081,5082})
Product: Gentoo Security
Reporter: GLSAMaker/CVETool Bot <glsamaker>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: major
CC: base-system
Priority: Normal
Version: unspecified
Hardware: All
OS: Linux
Whiteboard: A2 [glsa]
Package list:
Runtime testing required: ---

Description GLSAMaker/CVETool Bot gentoo-dev 2011-10-08 14:40:30 UTC
CVE-2009-5082 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-5082):
  The (1) configure and (2) config.guess scripts in GNU troff (aka groff)
  1.20.1 on Openwall GNU/*/Linux (aka Owl) improperly create temporary files
  upon a failure of the mktemp function, which makes it easier for local users
  to overwrite arbitrary files via a symlink attack on a temporary file.

CVE-2009-5081 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-5081):
  The (1) config.guess, (2) contrib/groffer/perl/groffer.pl, and (3)
  contrib/groffer/perl/roff2.pl scripts in GNU troff (aka groff) 1.21 and
  earlier use an insufficient number of X characters in the template argument
  to the tempfile function, which makes it easier for local users to overwrite
  arbitrary files via a symlink attack on a temporary file, a different
  vulnerability than CVE-2004-0969.

CVE-2009-5080 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-5080):
  The (1) contrib/eqn2graph/eqn2graph.sh, (2)
  contrib/grap2graph/grap2graph.sh, and (3) contrib/pic2graph/pic2graph.sh
  scripts in GNU troff (aka groff) 1.21 and earlier do not properly handle
  certain failed attempts to create temporary directories, which might allow
  local users to overwrite arbitrary files via a symlink attack on a file in a
  temporary directory, a different vulnerability than CVE-2004-1296.

CVE-2009-5079 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-5079):
  The (1) gendef.sh, (2) doc/fixinfo.sh, and (3)
  contrib/gdiffmk/tests/runtests.in scripts in GNU troff (aka groff) 1.21 and
  earlier allow local users to overwrite arbitrary files via a symlink attack
  on a gro#####.tmp or /tmp/##### temporary file.

CVE-2009-5078 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-5078):
  contrib/pdfmark/pdfroff.sh in GNU troff (aka groff) before 1.21 launches the
  Ghostscript program without the -dSAFER option, which allows remote
  attackers to create, overwrite, rename, or delete arbitrary files via a
  crafted document.

CVE-2009-5044 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-5044):
  contrib/pdfmark/pdfroff.sh in GNU troff (aka groff) before 1.21 allows local
  users to overwrite arbitrary files via a symlink attack on a pdf#####.tmp
  temporary file.
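
The temporary-file and Ghostscript weaknesses listed in the description above can be looked for in a shell script with a small line-based audit pass. This is an added example, not part of the bug report and not code from groff or Gentoo; the rule names, the `MIN_X` threshold of 6 and the sample input are assumptions made for illustration.

```shell
#!/bin/sh
# Added illustration, not code from groff or Gentoo: flag the temp-file and
# Ghostscript patterns named in the CVE descriptions. Heuristic, line-based.

MIN_X=6   # assumed minimum run of X in a template; the page gives no number

# audit_script FILE: print LINE:RULE:TEXT for every risky line.
audit_script() {
    awk -v min_x="$MIN_X" '
    /^[ \t]*#/ { next }                       # ignore comment-only lines
    # PID-derived names such as /tmp/$$ or gro$$.tmp are guessable.
    /\/tmp\/[^ \t]*\$\$/ || /\$\$[^ \t]*\.tmp/ { print NR ":pid-name:" $0 }
    # mktemp/tempfile template whose run of X is shorter than min_x.
    /mktemp|tempfile/ && match($0, /XX+/) && RLENGTH < min_x + 0 {
        print NR ":short-template:" $0 }
    # mktemp result used with no failure branch on the same line.
    /mktemp/ && !/\|\|/ && !/^[ \t]*if[ \t]/ { print NR ":unchecked-mktemp:" $0 }
    # Ghostscript started without -dSAFER.
    (" " $0) ~ /[ \t;|&(]gs[ \t]/ && !/-dSAFER/ { print NR ":gs-unsafe:" $0 }
    ' "$1"
}

# count_findings FILE: number of findings reported by audit_script.
count_findings() { audit_script "$1" | wc -l | tr -d " "; }

# Constructed sample input (not taken from groff): five findings expected.
sample_script() {
    cat <<'EOF'
#!/bin/sh
out=/tmp/$$
tmp=gro$$.tmp
work=`mktemp -d /tmp/pic.XXX`
gs -q -dBATCH -sDEVICE=pdfwrite -sOutputFile=o.pdf in.ps
safe=$(mktemp -d "${TMPDIR:-/tmp}/ok.XXXXXXXXXX") || exit 1
gs -q -dSAFER -dBATCH -sDEVICE=pdfwrite -sOutputFile=o.pdf in.ps
EOF
}

# Stand-alone use: pass the script to audit as the first argument.
if [ $# -gt 0 ]; then audit_script "$1"; fi
```

Lines 6 and 7 of the sample show the hardened forms: a long random template with an explicit failure branch, and Ghostscript started with `-dSAFER`.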
Comment 1 Agostino Sarubbo gentoo-dev 2013-08-29 16:08:52 UTC
@security, some of these descriptions say that 1.21 is affected.

What do you think?
Comment 2 Chris Reffett (RETIRED) gentoo-dev Security 2013-08-29 17:50:07 UTC
I think that the maintainers need to tell us whether we're good to stabilize, and which version they want us to stable.
Comment 3 Sean Amoss (RETIRED) gentoo-dev Security 2013-09-30 23:19:02 UTC
Maintainers: ping ^
Comment 4 Chris Reffett (RETIRED) gentoo-dev Security 2013-10-05 01:49:38 UTC
Maintainer timeout. Arches, please test and stabilize:
=sys-apps/groff-1.22.2
Target arches: alpha amd64 arm hppa ia64 ppc ppc64 sparc x86
Comment 5 Markus Meier gentoo-dev 2013-10-05 19:30:16 UTC
arm stable
Comment 6 Agostino Sarubbo gentoo-dev 2013-10-05 20:48:16 UTC
amd64 stable
Comment 7 Agostino Sarubbo gentoo-dev 2013-10-06 07:52:17 UTC
x86 stable
Comment 8 Agostino Sarubbo gentoo-dev 2013-10-06 10:13:31 UTC
ia64 stable
Comment 9 Jeroen Roovers (RETIRED) gentoo-dev 2013-10-06 14:04:58 UTC
Stable for HPPA.
Comment 10 Agostino Sarubbo gentoo-dev 2013-10-06 15:21:07 UTC
alpha stable
Comment 11 Agostino Sarubbo gentoo-dev 2013-10-07 19:31:48 UTC
ppc stable
Comment 12 Agostino Sarubbo gentoo-dev 2013-10-09 11:19:28 UTC
ppc64 stable
Comment 13 Agostino Sarubbo gentoo-dev 2013-10-09 17:11:14 UTC
sparc stable
Comment 14 Chris Reffett (RETIRED) gentoo-dev Security 2013-10-10 02:37:20 UTC
GLSA request filed.
Comment 15 GLSAMaker/CVETool Bot gentoo-dev 2013-10-25 23:15:41 UTC
This issue was resolved and addressed in
 GLSA 201310-14 at http://security.gentoo.org/glsa/glsa-201310-14.xml
by GLSA coordinator Chris Reffett (creffett).